Prioritizing Threat Intelligence

Not all threat intelligence indicators are equal. Some require immediate response,
while others can be addressed as time and availability permits. As a result, you must triage
and rank threats by severity.

In HCP, you assign severity by associating possibly complex conditions with numeric scores.
Then, for each message, you use a configurable aggregation function to evaluate the set of
conditions and to aggregate the scores of the conditions that match. This aggregated score
is added to the message in the threat.triage.level field.
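The scoring model just described, as an added example that is not HCP's own code: each rule pairs a condition with a score, the scores of the matching rules are combined by a named aggregation function, and the result lands in threat.triage.level. The aggregator names (MAX, MIN, SUM, MEAN), the rule names and the enrichment fields the conditions read are assumptions made for the example.

```python
"""Toy threat-triage scorer in the HCP style (added example, not HCP code)."""
from dataclasses import dataclass
from statistics import mean
from typing import Callable, Dict, List

Message = Dict[str, object]


@dataclass(frozen=True)
class TriageRule:
    name: str
    condition: Callable[[Message], bool]  # stands in for an HCP rule expression
    score: float


# Aggregation functions keyed by name; the names are assumed for this example.
AGGREGATORS: Dict[str, Callable[[List[float]], float]] = {
    "MAX": max,
    "MIN": min,
    "SUM": sum,
    "MEAN": mean,
}


def triage(msg: Message, rules: List[TriageRule], aggregator: str = "MAX") -> Message:
    """Evaluate every rule against msg and aggregate the scores of those that match.

    The aggregate is written to threat.triage.level. A message that matches no
    rule is returned unchanged, so the field is absent rather than zero."""
    hits = [r.score for r in rules if r.condition(msg)]
    out = dict(msg)
    if hits:
        out["threat.triage.level"] = AGGREGATORS[aggregator](hits)
    return out


# Constructed rules; the fields they read are hypothetical enrichment output.
RULES = [
    TriageRule("alert_flag", lambda m: m.get("is_alert") is True, 10),
    TriageRule("high_risk_geo", lambda m: m.get("geo_country") == "XX", 20),
    TriageRule("known_bad_dest", lambda m: m.get("dest_malicious") is True, 50),
]

# Constructed sample messages (not real traffic).
MSGS = [
    {"ip_src_addr": "10.0.0.5", "is_alert": True, "geo_country": "XX", "dest_malicious": True},
    {"ip_src_addr": "10.0.0.6", "is_alert": True},
    {"ip_src_addr": "10.0.0.7"},
]


def score_all(aggregator: str = "MAX") -> list:
    """Return the triage level of each sample message (None when no rule matched)."""
    return [triage(m, RULES, aggregator).get("threat.triage.level") for m in MSGS]
```

Running score_all with each aggregator shows how the choice changes the ranking of the same three messages: MAX and MIN report the single most or least severe matching rule, while SUM rewards messages that trip several rules at once.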

Understanding Threat Triage Rule Configuration

The goal of threat triage is to prioritize the alerts that pose the greatest threat and need urgent attention. To create a threat triage rule configuration, you must first define your rules.